I can't update Vista

Post by serenity15 29 Oct 2008, 19:50

When I try to update, it throws this error:
Windows cannot search for new updates
Error code: 80244019

Here is the log from HijackThis

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:52, on 2008-10-29
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Users\Serenity\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Rejestracja FIFA 09.lnk = E:\FIFA 09\Support\EAregister.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A69A64C2-2079-41A1-B6F9-1F824ACF4668}: NameServer = 85.255.112.166;85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{F555436C-D9DA-4C8B-B2CE-4BB28C0B4122}: NameServer = 85.255.112.166;85.255.112.185
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdbkj.exe

--
End of file - 10786 bytes


After looking for an answer in MS help, I came to the conclusion that these two entries are redirecting the connection:

Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A69A64C2-2079-41A1-B6F9-1F824ACF4668}: NameServer = 85.255.112.166;85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{F555436C-D9DA-4C8B-B2CE-4BB28C0B4122}: NameServer = 85.255.112.166;85.255.112.185


How do I fix this? Thanks
serenity15
~user

Posts: 596
Joined: 16 Jun 2005, 21:04
Commendations: 13



Post by Magik 29 Oct 2008, 20:06

Run HijackThis -> choose "do a scan only", tick what's needed and choose "fix checked"

Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A69A64C2-2079-41A1-B6F9-1F824ACF4668}: NameServer = 85.255.112.166;85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{F555436C-D9DA-4C8B-B2CE-4BB28C0B4122}: NameServer = 85.255.112.166;85.255.112.185
Magik
~user

Posts: 7956
Joined: 08 May 2004, 09:17
Location: Głogów
Commendations: 886



Post by serenity15 29 Oct 2008, 20:07

I did that and it came back ...



Post by Magik 29 Oct 2008, 20:15

Hmm. This may be a DNS infection // a ComboFix log is needed
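A check for the situation discussed in the posts above, as an added example that is not part of the original thread: it pulls the O17 NameServer entries out of a HijackThis log and reports resolvers outside the ones you expect. The first two O17 lines in the sample are the ones posted in the thread; the third sample line, the allowlist `192.168.1.0/24` and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches HijackThis O17 lines that carry a NameServer value, for example:
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d;e.f.g.h
# The interface GUID is optional (a global Tcpip\Parameters entry has none).
O17_RE = re.compile(
    r"^O17 - (?P<key>HK\S+?)(?:\\(?P<iface>\{[0-9A-Fa-f-]{36}\}))?:\s*"
    r"NameServer\s*=\s*(?P<value>.*)$"
)

# Sample input. Lines 2 and 3 are quoted from the thread; the line with
# 192.168.1.1 is constructed so the example also shows an expected resolver.
SAMPLE_LOG = r"""
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A69A64C2-2079-41A1-B6F9-1F824ACF4668}: NameServer = 85.255.112.166;85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{F555436C-D9DA-4C8B-B2CE-4BB28C0B4122}: NameServer = 85.255.112.166;85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O18 - Protocol: example
"""

# Assumption: the only resolver this machine should use is the home router.
ALLOWED = ["192.168.1.0/24"]


def parse_o17(log_text):
    """Return {interface GUID or registry key: [resolver strings]}."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        where = m.group("iface") or m.group("key")
        # HijackThis prints the raw registry value; entries may be separated
        # by semicolons, commas or spaces.
        for token in re.split(r"[;,\s]+", m.group("value").strip()):
            if token and token not in found[where]:
                found[where].append(token)
    return dict(found)


def unexpected_resolvers(log_text, allowed_networks):
    """List (location, resolver, reason) for resolvers outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for where, resolvers in parse_o17(log_text).items():
        for r in resolvers:
            try:
                addr = ipaddress.ip_address(r)
            except ValueError:
                findings.append((where, r, "not an IP address"))
                continue
            if not any(addr in n for n in nets):
                findings.append((where, r, "outside expected resolvers"))
    return findings


def shared_across_interfaces(findings):
    """Flagged resolvers that appear on more than one interface."""
    seen = defaultdict(set)
    for where, r, _reason in findings:
        seen[r].add(where)
    return sorted(r for r, places in seen.items() if len(places) > 1)


if __name__ == "__main__":
    results = unexpected_resolvers(SAMPLE_LOG, ALLOWED)
    for where, resolver, reason in results:
        print(f"{where}: {resolver} ({reason})")
    print("On several interfaces:", shared_across_interfaces(results))
```

Running it on a fresh log after each cleanup attempt shows whether the entries have come back, which is what the poster reported after using "fix checked".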



Post by serenity15 29 Oct 2008, 20:26

I can't run ComboFix, it says "the name is duplicated or the specified file cannot be found"

Added 29.10.2008 19:58:27:
Can someone upload ComboFix for me, e.g. to RapidShare, because I can't download it and I found out that I have a trojan blocking its download



Post by Magik 30 Oct 2008, 02:40

http://www.sendspace.pl/file/Ny6JYGV7/



Post by serenity15 30 Oct 2008, 13:28

Code:
ComboFix 08-10-29.07 - Serenity 2008-10-29 21:08:20.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.1.1045.18.1884 [GMT 1:00]
Uruchomiony z: C:\Users\Serenity\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-09-28 do 2008-10-29  )))))))))))))))))))))))))))))))
.

2008-10-29 19:44 . 2008-10-29 19:44    <DIR>    dr---c---    C:\Program Files\Norton Support
2008-10-29 19:42 . 2008-10-29 19:42    <DIR>    d----c---    C:\Program Files\Symantec
2008-10-29 19:42 . 2008-10-29 19:45    <DIR>    d----c---    C:\Program Files\Common Files\Symantec Shared
2008-10-29 19:42 . 2008-10-29 19:42    124,464    --a--c---    C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-29 19:42 . 2008-10-29 19:41    25,136    -ra--c---    C:\Windows\System32\drivers\SymIMV.sys
2008-10-29 19:42 . 2008-10-29 19:42    10,635    --a--c---    C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-29 19:42 . 2008-10-29 19:42    806    --a--c---    C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-29 19:41 . 2008-10-29 19:41    <DIR>    d----c---    C:\Windows\System32\drivers\NAV
2008-10-29 19:41 . 2008-10-29 19:41    <DIR>    d--------    C:\Users\All Users\NortonInstaller
2008-10-29 19:41 . 2008-10-29 19:42    <DIR>    d--------    C:\Users\All Users\Norton
2008-10-29 19:41 . 2008-10-29 19:41    <DIR>    d--------    C:\ProgramData\NortonInstaller
2008-10-29 19:41 . 2008-10-29 19:42    <DIR>    d--------    C:\ProgramData\Norton
2008-10-29 19:41 . 2008-10-29 19:41    <DIR>    d----c---    C:\Program Files\NortonInstaller
2008-10-29 19:41 . 2008-10-29 19:41    <DIR>    d----c---    C:\Program Files\Norton AntiVirus
2008-10-29 18:37 . 2008-10-29 18:37    <DIR>    d----c---    C:\Program Files\Trend Micro
2008-10-29 17:58 . 2008-10-29 17:58    <DIR>    d----c---    C:\Windows\PCHEALTH
2008-10-29 17:58 . 2008-10-29 17:58    <DIR>    d----c---    C:\Program Files\Microsoft.NET
2008-10-29 17:57 . 2008-10-29 17:57    <DIR>    d----c---    C:\Program Files\Microsoft Visual Studio 8
2008-10-29 17:55 . 2008-10-29 17:55    <DIR>    dr-h-c---    C:\MSOCache
2008-10-29 12:08 . 2008-10-29 12:08    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Leadertech
2008-10-28 19:08 . 2008-10-28 19:08    <DIR>    dr-h-c---    C:\Users\Serenity\AppData\Roaming\SecuROM
2008-10-28 16:17 . 2008-10-28 16:17    <DIR>    dr---c---    C:\Users\Serenity\Contacts
2008-10-28 10:18 . 2008-10-28 10:18    <DIR>    d--------    C:\Users\All Users\LightScribe
2008-10-28 10:18 . 2008-10-28 10:18    <DIR>    d--------    C:\ProgramData\LightScribe
2008-10-28 10:17 . 2008-10-28 10:19    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Nero
2008-10-28 09:56 . 2008-10-28 09:56    4,767    --a--c---    C:\Windows\Irremote.ini
2008-10-28 09:47 . 2008-10-28 09:52    <DIR>    d--------    C:\Users\All Users\Nero
2008-10-28 09:47 . 2008-10-28 09:52    <DIR>    d--------    C:\ProgramData\Nero
2008-10-28 09:47 . 2008-10-28 09:56    <DIR>    d----c---    C:\Program Files\Nero
2008-10-28 09:47 . 2008-10-28 10:04    <DIR>    d----c---    C:\Program Files\Common Files\Nero
2008-10-27 20:25 . 2008-10-27 20:25    <DIR>    d----c---    C:\Users\Serenity\Bluetooth Software
2008-10-27 12:18 . 2008-10-27 12:18    107,888    --a--c---    C:\Windows\System32\CmdLineExt.dll
2008-10-27 10:54 . 2008-02-22 12:30    334,792    --a--c---    C:\Windows\System32\_AxShlEx.dll
2008-10-27 10:53 . 2008-10-27 10:53    <DIR>    d----c---    C:\Program Files\Alcohol Soft
2008-10-27 10:51 . 2008-10-27 10:51    716,272    --a--c---    C:\Windows\System32\drivers\sptd.sys
2008-10-27 10:21 . 2008-10-27 10:22    <DIR>    d----c---    C:\Users\Serenity\Gadu-Gadu
2008-10-27 09:04 . 2008-10-27 09:18    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Winamp
2008-10-27 09:04 . 2008-10-27 09:05    <DIR>    d----c---    C:\Program Files\Winamp
2008-10-27 09:04 . 2007-03-08 00:51    129,784    -----c---    C:\Windows\System32\pxafs.dll
2008-10-27 08:47 . 2008-10-27 08:47    29,192    --a--c---    C:\Windows\System32\drivers\ndisprot.sys
2008-10-26 22:06 . 2008-10-29 20:52    49,660    --a------    C:\Users\All Users\nvModes.dat
2008-10-26 22:06 . 2008-10-29 20:52    49,660    --a------    C:\ProgramData\nvModes.dat
2008-10-26 22:04 . 2008-04-03 21:56    1,079,840    --a--c---    C:\Windows\System32\nvcpluir.dll
2008-10-26 22:04 . 2008-04-03 21:56    768,544    --a--c---    C:\Windows\System32\nvcplui.exe
2008-10-26 22:04 . 2008-04-03 21:56    420,384    --a--c---    C:\Windows\System32\nvcpl.cpl
2008-10-26 22:04 . 2008-04-03 21:56    313,888    --a--c---    C:\Windows\System32\nvexpbar.dll
2008-10-26 21:27 . 2008-10-26 22:12    <DIR>    d-a------    C:\Users\All Users\TEMP
2008-10-26 21:27 . 2008-10-26 22:12    <DIR>    d-a------    C:\ProgramData\TEMP
2008-10-26 21:27 . 2008-10-26 23:42    <DIR>    d----c---    C:\Fraps
2008-10-26 21:13 . 2008-10-26 21:13    <DIR>    d----c---    C:\Program Files\Marvell
2008-10-26 21:12 . 2008-10-26 21:12    <DIR>    d----c---    C:\Windows\BUVC_AP
2008-10-26 20:40 . 2008-10-22 19:42    4,160    --a--c---    C:\Windows\System32\drivers\nvBridge.kmd
2008-10-26 20:34 . 2008-10-08 02:52    122,880    --a--c---    C:\Windows\System32\nvcod134.dll
2008-10-26 19:23 . 2008-10-26 19:23    <DIR>    d----c---    C:\Program Files\Sunrise Vista Konfigurator
2008-10-26 18:30 . 2008-10-26 18:30    40    --ah-c---    C:\Windows\System32\ivireg.ivr
2008-10-26 17:35 . 2008-10-29 21:04    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\SiteAdvisor
2008-10-26 07:24 . 2008-10-26 07:24    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Media Player Classic
2008-10-26 07:16 . 2008-10-26 07:16    <DIR>    d----c---    C:\Program Files\NAPI-PROJEKT
2008-10-26 03:20 . 2008-05-06 19:10    749,568    --a--c---    C:\Windows\AcerStore.exe
2008-10-26 03:20 . 2008-06-24 19:20    2,968    --ahsc---    C:\Patch.rev
2008-10-26 03:20 . 2008-10-26 03:20    1,300    --a--c---    C:\Windows\AceStore.cfg
2008-10-26 03:19 . 2008-01-10 20:44    199,176    --a--c---    C:\Windows\GVUni.exe
2008-10-26 03:19 . 2008-10-26 03:18    1,276    --a--c---    C:\Windows\System32\AcerScre.cfg
2008-10-26 03:18 . 2008-10-26 03:18    <DIR>    d----c---    C:\Windows\Users
2008-10-26 03:18 . 2008-04-28 15:29    3,658,752    --a--c---    C:\Windows\System32\drivers\NETw5v32.sys
2008-10-26 03:18 . 2008-04-19 01:09    2,756,608    --a--c---    C:\Windows\System32\NETw5r32.dll
2008-10-26 03:18 . 2008-04-19 01:08    659,456    --a--c---    C:\Windows\System32\NETw5c32.dll
2008-10-26 03:18 . 2007-12-04 00:11    207,368    --a--c---    C:\Windows\UNINST32.EXE
2008-10-26 03:18 . 2006-11-03 06:29    21,264    --a--c---    C:\Windows\System32\drivers\DKbFltr.sys
2008-10-25 17:53 . 2008-04-30 15:00    204,800    --a------    C:\Windows\System32\SysHook.dll
2008-10-25 17:51 . 2008-10-25 17:51    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Yahoo!
2008-10-25 17:51 . 2008-10-25 17:51    <DIR>    d----c---    C:\Program Files\Launch Manager
2008-10-25 17:51 . 2008-10-25 17:51    83    --a--c---    C:\Windows\LManager.UNI
2008-10-25 17:50 . 2008-10-25 17:50    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\InstallShield
2008-10-25 17:50 . 2008-10-25 17:50    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Acer
2008-10-25 17:50 . 2008-10-25 17:50    <DIR>    d----c---    C:\Program Files\SuYin
2008-10-25 17:50 . 2007-03-29 15:48    626,688    --a--c---    C:\Windows\Image.dll
2008-10-25 17:50 . 2008-04-25 11:09    506,368    --a--c---    C:\Windows\Acer Crystal Eye webcam.EXE
2008-10-25 17:50 . 2007-04-20 05:30    222,382    --a--c---    C:\Windows\Acer Crystal Eye webcam.ico
2008-10-25 17:50 . 2008-04-22 12:21    9,216    --a--c---    C:\Windows\usbvideo_reg.exe
2008-10-25 17:50 . 2008-02-25 10:13    4,838    --a--c---    C:\Windows\Suyin.reg
2008-10-25 17:50 . 2007-10-29 12:35    36    --a--c---    C:\Windows\PidList.ini
2008-10-25 17:49 . 2008-10-25 17:49    <DIR>    d----c---    C:\Windows\System32\es-MX
2008-10-25 17:49 . 2008-10-25 17:49    <DIR>    d----c---    C:\Windows\System32\es-AR
2008-10-25 17:49 . 2008-10-25 17:49    <DIR>    d----c---    C:\Program Files\WIDCOMM
2008-10-25 17:49 . 2008-02-12 22:19    233,472    --a--c---    C:\Windows\System32\BtwRSupport.dll
2008-10-25 17:49 . 2007-07-16 16:20    80,936    --a--c---    C:\Windows\System32\drivers\btwavdt.sys
2008-10-25 17:49 . 2008-02-14 17:17    80,424    --a--c---    C:\Windows\System32\drivers\btwaudio.sys
2008-10-25 17:49 . 2007-07-16 16:20    16,168    --a--c---    C:\Windows\System32\drivers\btwrchid.sys
2008-10-25 17:48 . 2008-10-25 17:48    125    --a--c---    C:\Windows\xUninstall.bat
2008-10-25 17:47 . 2008-10-25 17:47    <DIR>    d----c---    C:\Windows\JMCR_DIR
2008-10-25 17:47 . 2008-03-14 02:48    290,816    --a--c---    C:\Windows\RTKVADDA.EXE
2008-10-25 17:47 . 2007-10-26 18:26    15,086    --a--c---    C:\Windows\System32\jmcr_xd.ico
2008-10-25 17:47 . 2007-10-26 17:55    15,086    --a--c---    C:\Windows\System32\jmcr_ms.ico
2008-10-25 17:47 . 2007-10-26 16:58    15,086    --a--c---    C:\Windows\System32\jmcr_mmc.ico
2008-10-25 17:47 . 2007-11-15 00:18    553    --a--c---    C:\Windows\USetup.iss
2008-10-25 17:46 . 2008-10-25 17:46    <DIR>    d----c---    C:\Windows\System32\RTCOM
2008-10-25 17:45 . 2008-10-25 17:45    <DIR>    d----c---    C:\Program Files\Realtek
2008-10-25 17:43 . 2008-10-25 17:43    <DIR>    d----c---    C:\CLSetup
2008-10-25 17:43 . 2008-10-25 17:43    20    --a--c---    C:\Medion.ini
2008-10-25 17:37 . 2008-10-26 22:07    <DIR>    d--------    C:\Users\All Users\NVIDIA
2008-10-25 17:37 . 2008-10-26 22:07    <DIR>    d--------    C:\ProgramData\NVIDIA
2008-10-25 17:37 . 2008-10-25 17:37    <DIR>    d--hsc---    C:\$RECYCLE.BIN
2008-10-25 17:36 . 2008-10-25 17:36    <DIR>    d----c---    C:\Program Files\Convesoft
2008-10-25 17:36 . 2008-10-29 20:47    12    --a------    C:\Windows\bthservsdp.dat
2008-10-25 17:34 . 2006-11-02 13:37    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Media Center Programs
2008-10-25 17:34 . 2008-05-12 23:27    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Acer GameZone Console
2008-10-25 17:34 . 2008-10-25 17:36    <DIR>    d--h-c---    C:\Users\Serenity\AppData
2008-10-25 17:34 . 2008-10-29 19:42    <DIR>    d----c---    C:\Users\Serenity
2008-10-25 17:31 . 2008-10-25 17:31    <DIR>    dr-------    C:\Windows\System32\config\systemprofile\Contacts
2008-10-25 17:27 . 2008-10-22 16:55    453,152    --a--c---    C:\Windows\System32\nvuninst.exe
2008-10-25 16:27 . 2008-10-25 16:27    <DIR>    d----c---    C:\Program Files\Java
2008-10-25 16:27 . 2008-10-25 16:27    410,976    --a--c---    C:\Windows\System32\deploytk.dll
2008-10-25 16:22 . 2008-10-25 16:22    <DIR>    d--------    C:\Users\All Users\Real
2008-10-25 16:22 . 2008-10-25 16:22    <DIR>    d----c---    C:\Program Files\K-Lite Codec Pack
2008-10-25 16:19 . 2008-10-25 19:27    <DIR>    d----c---    C:\Program Files\jv16 PowerTools 2008
2008-10-25 16:18 . 2008-10-26 07:25    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\BSplayer PRO
2008-10-25 16:18 . 2008-10-25 16:18    <DIR>    d----c---    C:\Program Files\Webteh
2008-10-25 16:06 . 2008-10-25 16:06    <DIR>    d----c---    C:\Users\Serenity\AppData\Roaming\Corel
2008-10-25 16:06 . 2008-10-28 21:13    <DIR>    d--------    C:\Users\All Users\Corel
2008-10-25 16:06 . 2008-10-28 21:13    <DIR>    d--------    C:\ProgramData\Corel
2008-10-25 16:06 . 2008-10-25 16:06    <DIR>    d----c---    C:\Program Files\InterVideo
2008-10-25 16:06 . 2008-10-25 16:06    <DIR>    d----c---    C:\Program Files\Common Files\Protexis
2008-10-25 16:06 . 2008-10-25 16:06    <DIR>    d----c---    C:\Program Files\Common Files\InterVideo
2008-10-25 16:06 . 2008-10-28 21:13    3,766    --ahs----    C:\Users\All Users\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 17:04    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-10-29 16:59    ---------    dc----w    C:\Program Files\MSBuild
2008-10-29 16:59    ---------    dc----w    C:\Program Files\Microsoft Works
2008-10-28 19:46    ---------    d-----w    C:\ProgramData\CyberLink
2008-10-27 11:12    ---------    dc-h--w    C:\Program Files\InstallShield Installation Information
2008-10-26 02:18    28,728    -c--a-w    C:\Windows\system32\drivers\msahci.sys
2008-10-26 02:18    21,560    ----a-w    C:\Windows\system32\drivers\atapi.sys
2008-10-25 16:45    319,456    -c--a-w    C:\Windows\DIFxAPI.dll
2008-10-25 16:45    315,392    -c--a-w    C:\Windows\HideWin.exe
2008-10-25 16:31    ---------    d-sh--w    C:\ProgramData\Ulubione
2008-10-25 16:31    ---------    d-sh--w    C:\ProgramData\Szablony
2008-10-25 16:31    ---------    d-sh--w    C:\ProgramData\Pulpit
2008-10-25 16:31    ---------    d-sh--w    C:\ProgramData\Menu Start
2008-10-25 16:31    ---------    d-sh--w    C:\ProgramData\Dokumenty
2008-10-25 16:31    ---------    d-sh--w    C:\ProgramData\Dane aplikacji
2008-10-25 11:37    ---------    dc----w    C:\Program Files\Cyberlink
2008-10-25 11:37    ---------    dc----w    C:\Program Files\Acer GameZone
2008-10-25 11:35    ---------    dc----w    C:\Program Files\NewTech Infosystems
2008-10-25 11:11    ---------    dc----w    C:\Program Files\Acer
2008-10-25 11:10    ---------    d-----w    C:\ProgramData\McAfee
2008-10-25 11:08    ---------    dc----w    C:\Program Files\Windows Mail
2008-10-25 10:57    ---------    d-----w    C:\ProgramData\SiteAdvisor
2008-10-25 10:56    ---------    dc----w    C:\Program Files\Yahoo!
2008-09-18 02:16    2,032,640    ----a-w    C:\Windows\System32\win32k.sys
2008-09-16 00:14    3,596,288    -c--a-w    C:\Windows\System32\qt-dx331.dll
2008-09-16 00:12    81,920    -c--a-w    C:\Windows\System32\dpl100.dll
2008-09-16 00:11    683,520    -c--a-w    C:\Windows\System32\divx.dll
2008-08-05 09:49    428,544    ----a-w    C:\Windows\System32\EncDec.dll
2008-08-05 09:49    293,376    ----a-w    C:\Windows\System32\psisdecd.dll
2008-08-02 03:26    36,864    ----a-w    C:\Windows\System32\cdd.dll
2008-07-31 09:41    68,616    -c--a-w    C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 09:41    238,088    -c--a-w    C:\Windows\System32\xactengine3_2.dll
2008-07-31 09:40    509,448    -c--a-w    C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:32    460,288    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32    28,160    ----a-w    C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32    2,154,496    ----a-w    C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32    173,056    ----a-w    C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13    4,240,384    ----a-w    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-21 02:43    174    --sha-w    C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38    121392    --a------    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-27 4608]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-03 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-03 92704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-21 C:\Windows\SkyTel.exe]

C:\Users\Serenity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rejestracja FIFA 09.lnk - E:\FIFA 09\Support\EAregister.exe [2008-08-13 4369408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-10-25 1216512]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3506714603-228676838-588133962-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{21F46B6E-FC2F-449C-B43E-2604000C9531}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8DBC28F5-63E8-4612-BB44-D6079EF3A713}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{C3DE6CC8-F9A7-438A-B0C4-1408C77B0912}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E0AFF092-7ECD-4707-973E-DDF6E0EC8700}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{49E91D78-C8A7-4C2D-BA66-536C05D6FF66}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{13BAA624-DE4B-4DB5-B333-9AC10925CE65}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E99D42EF-F334-4F03-BA60-3EB3BB7AB355}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{97DD8F5C-D8D1-4F9A-9D4B-23C5306F2B7D}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{B5DC229D-19E9-41B4-A290-3172F3D45624}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{4756CECB-3C72-4582-B582-B45471E2C4BF}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{B9C5EBD9-0054-4C10-A1F0-651C943793C4}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{EF934C38-0933-4EF5-AFC2-533E479EFA58}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{01AFBF80-0A1B-46BE-ABDE-CA5033FB8CFC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8FA90F1B-2227-4D57-831D-AA5C43904308}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B9A0D797-B487-421E-8B2E-133D070D9DAC}"= UDP:E:\Kompania Braci - Na Linii Frontu\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{3D3573DD-7F58-4D1E-92AF-8C49FC97C8BB}"= TCP:E:\Kompania Braci - Na Linii Frontu\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{21FC9EE8-E3C6-4782-BA6B-93B5AD20FF4F}"= UDP:E:\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{96ACDDCC-3DCA-4F1F-A5F0-5C65C00C067C}"= TCP:E:\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{CA52CBB6-2C6A-4035-AE95-6B93F0D54B32}"= UDP:E:\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{680CBB64-CC83-4221-B7CC-FF5B739E9F74}"= TCP:E:\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{7AEABA94-BE72-4828-A1E5-67175CCA5EED}"= UDP:E:\Far Cry 2\bin\FC2Editor.exe:Editor
"{8BAF854E-BDB2-4F32-B58F-9720DA3CEDC0}"= TCP:E:\Far Cry 2\bin\FC2Editor.exe:Editor
"{898DFC52-3A33-4A75-9210-737D3E16324A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BCDF90D9-48CC-437E-86B8-93DCD0F23C6A}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{63CF92EF-F93D-4ABE-BD0A-54ACCE445547}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F44C1747-D32C-4E76-807D-B1B0EBD4E6AC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EB80B433-CA96-4B37-9B1D-430B3C06E6F8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\Windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSVix86.sys [2008-10-29 289840]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 14:01 61424]
R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R3 NETw5v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-03 43552]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\drivers\NAV\1000000.07D\SYMNDISV.SYS [2008-10-29 40496]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 btwaudio;Urz1dzenie dYwiekowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\Windows\system32\drivers\Ndisprot.sys [2008-10-27 29192]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ

*Newly Created Service* - ERASERUTILREBOOTDRV
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\Serenity\AppData\Roaming\Mozilla\Firefox\Profiles\hb6tsm2h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 21:13:49
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-29 21:14:33
ComboFix-quarantined-files.txt  2008-10-29 20:14:28
ComboFix2.txt  2008-10-29 19:34:18

Przed: 45 854 441 472 bajtów wolnych
Po: 45,838,901,248 bajtów wolnych

302    --- E O F ---    2008-10-26 08:07:13

Post by Magik, 30 Oct 2008, 13:44

Code:
C:\Patch.rev
C:\Windows\Suyin.reg
C:\Medion.ini


Scan these files on virustotal.com.

This one too:

Code:
C:\Windows\System32\SysHook.dll


This is a malware file, but I want to be sure.

You can delete this file manually:

Code:
C:\Program Files\desktop.ini


and run:

Use SDFix. After downloading, run it and it will extract itself to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the file RunThis.bat from the SDFix folder. Confirm the cleanup with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file.

Post by serenity15, 30 Oct 2008, 17:56

Magik wrote: C:\Patch.rev

I don't see this one.

Magik wrote: C:\Windows\Suyin.reg

Result:
Plik Suyin.reg otrzymany 2008.10.12 13:55:27 (CET)
Obecny status: zakończono
Wynik: 0/36 (0.00%)


Magik wrote: C:\Medion.ini

I don't see this one either.

Magik wrote: C:\Windows\System32\SysHook.dll

Result:
Plik SysHook.dll otrzymany 2008.10.30 16:44:39 (CET)
Obecny status: Ładowanie ... w kolejce oczekuje skanowanie zakończono NIE ZNALEZIONO ZATRZYMANE
Wynik: 0/36 (0%)


Magik wrote: Wait until it finishes and the computer restarts


I can't produce the report because the program won't start. The blue window flashes and nothing happens.